This talk will cover the end-to-end use cases for sigstore, a free keyless signing service, in a software supply chain framework (SLSA, NIST SSDF). We will cover the key technologies and goals such as immutable audits and real-time continuous compliance.
Chainguard
Software Supply Chain Architect
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice L…
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer
CNCF
Organizer